From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (DERBY-857) LDAP user authentication fails under a security manager
Date Tue, 16 Oct 2007 13:04:51 GMT

    [ https://issues.apache.org/jira/browse/DERBY-857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535243
] 

kmarsden edited comment on DERBY-857 at 10/16/07 6:04 AM:
----------------------------------------------------------------

This is the offending code in LDAPAuthenticationSchemeImpl. It is only an issue for a sane
build and only with the property derby.debug.true=AuthenticationTrace set, which is probably
why it hasn't come up on the user list.

Interestingly, nothing shows up in this file, for successful or unsuccessful connections.
Lastly the name of the file CloudLDAP.out is not ideal. I see three options:
1) Put a priv block around this code. Change the filename and make sure the bug doesn't reproduce.
2) Remove the code altogether since it is not working.
3) Try to get LDAP tracing working. Suggestions welcome.

if (SanityManager.DEBUG)
{
    if (SanityManager.DEBUG_ON(
                AuthenticationServiceBase.AuthenticationTrace)) {
        try {
            // Opens the trace file with the caller's permissions; under a
            // security manager this needs a privileged block.
            initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                        new java.io.FileOutputStream("CloudLDAP.out"));
        } catch (java.io.IOException ie) {}
    }
}


      was (Author: kmarsden):
    This is the offending code in LDAPAuthenticationSchemeImpl. It is only an issue for
a sane build and only with the property derby.debug.true=AuthenticationTrace set, which is
probably why it hasn't come up on the user list.

Interestingly, nothing shows up in this file, for successful or unsuccessful connections and
the com.sun.naming.ldap.trace.ber, I think is not portable. Lastly the name of the file
CloudLDAP.out is not ideal. I see three options:
1) Put a priv block around this code. Change the filename and make sure the bug doesn't reproduce.
2) Remove the code altogether since it is not portable/working.
3) Find some portable way to invoke LDAP tracing. Suggestions welcome.

if (SanityManager.DEBUG)
{
    if (SanityManager.DEBUG_ON(
                AuthenticationServiceBase.AuthenticationTrace)) {
        try {
            // Opens the trace file with the caller's permissions; under a
            // security manager this needs a privileged block.
            initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                        new java.io.FileOutputStream("CloudLDAP.out"));
        } catch (java.io.IOException ie) {}
    }
}

  
> LDAP user authentication fails under a security manager
> -------------------------------------------------------
>
>                 Key: DERBY-857
>                 URL: https://issues.apache.org/jira/browse/DERBY-857
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.2.1.6
>            Reporter: Daniel John Debrunner
>            Assignee: Kathey Marsden
>
> Running the test jdbcapi/secureUsers1.sql with a security manager results in:
> > ERROR 08004: Connection refused : javax.naming.CommunicationException: noSuchMachine:389 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission noSuchMachine resolve)]
> Adding this permission to the policy file has no effect, which means a priv block is required around the LDAP call.
> permission java.net.SocketPermission "noSuchMachine", "resolve";

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
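One way to apply the privileged-block approach discussed above, both to the trace-file open in the comment and to the LDAP call named in the issue description, as an added example that is not Derby's own code. The trace file name and class name are hypothetical; a FilePermission "write" grant for the Derby code base is still required in the policy file.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/** Added example (not Derby code): privileged blocks around the two calls. */
public class LdapPrivExample {
    // Hypothetical replacement for "CloudLDAP.out"; needs a
    // java.io.FilePermission "<path>", "write" grant for the engine code base.
    private static final String TRACE_FILE = "derbyLDAP.trace";

    /** Installs the BER trace stream with the engine's own permissions. */
    static void enableBerTrace(final Hashtable<String, Object> env) {
        try {
            FileOutputStream out = AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileOutputStream>() {
                    public FileOutputStream run() throws IOException {
                        return new FileOutputStream(TRACE_FILE);
                    }
                });
            env.put("com.sun.naming.ldap.trace.ber", out);
        } catch (PrivilegedActionException pae) {
            // Surface the failure instead of swallowing it silently.
            System.err.println("LDAP trace not enabled: " + pae.getException());
        }
    }

    /**
     * Opens the directory context inside a privileged block so the
     * SocketPermission "resolve"/"connect" check stops at Derby's frame
     * rather than requiring the grant for every caller on the stack.
     */
    static InitialDirContext connect(final Hashtable<String, Object> env)
            throws NamingException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<InitialDirContext>() {
                    public InitialDirContext run() throws NamingException {
                        return new InitialDirContext(env);
                    }
                });
        } catch (PrivilegedActionException pae) {
            throw (NamingException) pae.getException();
        }
    }
}
```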

